HomeIT ServicesIdentity & Security ConsultingPwC
Identity & Security ConsultingLondon, United Kingdom

PwC Review 2026 — Identity & Security Consulting

4.1/ 5.0 from 2,210 verified buyer references
Founded
1998 (merger)
Headquarters
London, United Kingdom
Employees
~370,000 (FY2024)
Regions Served
152 countries
Industries
Financial services, public sector, healthcare
Typical Engagement
$500K–$40M+ programmes

Overview

PwC (PricewaterhouseCoopers) is one of the Big Four professional services networks, formed in 1998 through the merger of Price Waterhouse and Coopers & Lybrand. The network reported US$55.4 billion in aggregate revenue for FY2024 across approximately 370,000 employees in 152 countries. PwC operates as a network of member firms; Mohamed Kande serves as PwC Global Network Chair from July 2024. Cyber and identity sit within the Risk Services line of business, with significant cyber revenue concentrated in PwC US, PwC UK, PwC Germany, and PwC Australia.

Within identity and security consulting, PwC fields a substantial Big Four practice covering identity strategy, IGA implementation on SailPoint and Saviynt, PAM on CyberArk and BeyondTrust, customer identity, and managed identity operations. The firm holds top-tier alliance status with SailPoint, Microsoft, Okta, Saviynt, and CyberArk. Cyber and identity work is heavily anchored in financial services, where PwC's audit dominance in banking and capital markets drives demand for SOX, DORA, and operational resilience programmes that include identity controls. PwC also runs a meaningful incident response and threat intelligence practice through PwC Cyber Security.

PwC is typically a fit for regulated enterprises and global financial services buyers that want identity work bundled with risk, regulatory compliance, and operational resilience programmes. The firm is rarely the cheapest option and faces the same audit-conflict constraints as other Big Four members in the US market. Smaller single-platform IGA deployments under US$1 million are usually better served by Optiv, SailPoint Professional Services, or another specialist.

Services Offered

Typical Engagement

Engagement TypeModelTypical Range
IAM strategy and target state designFixed-fee project$250K–$1M (6–12 weeks)
IGA or PAM implementationFixed-fee or T&M$1.8M–$9M (8–18 months)
Enterprise identity transformationMulti-year outcome contract$10M–$40M+ (24–42 months)
Managed identity servicesMonthly retainer$70K–$800K per month
Staff augmentation (Certified IAM)Hourly bill rate$175–$330/hour blended

Pricing ranges verified May 2026 from public procurement records, identity vendor channel benchmarks, and reference checks. PwC Acceleration Centres in India and Poland lower blended rates by 20–35%.

Strengths

  • Deep cyber and identity bench in financial services, anchored by leading global banking audit relationships
  • Strong regulatory and resilience advisory for SOX, DORA, NIS2, MAS, APRA, and PRA requirements
  • Top-tier alliance status with SailPoint, Microsoft Entra, Okta, Saviynt, and CyberArk
  • Acceleration Centres in India and Poland deliver competitive blended rates for IGA platform work
  • Integrated delivery combining identity with internal audit, controls testing, and regulatory reporting
  • Mature global cyber crisis response capability supporting incident-driven IAM remediation

Limitations

  • Premium pricing — partner and director rates frequently exceed US$400/hour onshore
  • Audit-client independence rules restrict the addressable buyer base in the US for non-audit clients only
  • Methodology-heavy delivery can slow product-led IGA work compared with specialist firms
  • Identity bench is smaller than Deloitte's, particularly outside financial services
  • Recent partnership restructuring in PwC US and UK has driven senior consultant churn during multi-year programmes

Regions Served

United States United Kingdom Germany India Australia Canada France Singapore Switzerland

Alternatives

Deloitte
Larger Big Four cyber practice, deeper non-financial industry coverage
4.2
KPMG
Big Four peer, stronger on IGA segregation-of-duties analytics
4.1
EY
Big Four peer, deeper coverage in energy and life sciences cyber
4.1
Optiv
Specialist alternative, 15–25% lower pricing, vendor-agnostic
4.3
Accenture Security
Largest non-Big-Four practice, deeper systems integration capability
4.2

Compare PwC

PwC vs Deloitte → PwC vs KPMG → PwC vs EY →

Frequently Asked Questions

What is PwC's typical identity project size?
PwC rarely accepts identity engagements below US$500,000 in total contract value. Most IAM strategy and target-state projects land between US$250,000 and US$1 million over six to twelve weeks. SailPoint, Saviynt, CyberArk, or BeyondTrust implementations typically run US$1.8 million to US$9 million over eight to eighteen months. Enterprise identity transformation programmes that integrate identity with SOX, DORA, or operational resilience workstreams span US$10 million to US$40 million or more over 24 to 42 months.
How does PwC price managed identity services?
PwC prices managed identity services on monthly retainers typically between US$70,000 and US$800,000 per month, scaled to platform scope, identity population, and SLA targets. Most retainers cover Level 2 and Level 3 platform administration, scheduled access certifications, role and policy management, regulatory reporting support, and a defined hours pool for connector and workflow enhancements. PwC Acceleration Centres in India and Poland are used for most run-state operations.
How does PwC compare to Deloitte for identity?
Deloitte runs the larger Big Four cyber practice globally, with broader industry coverage and a stronger zero-trust transformation bench. PwC has greater depth in financial services, particularly retail banking, insurance, and capital markets, where audit relationships drive demand for integrated controls and identity work. PwC pricing is broadly comparable to Deloitte for similar scope. PwC tends to win more often where the buyer needs financial services regulatory advisory alongside identity delivery.
Which industries does PwC specialise in for identity?
PwC has the deepest Big Four identity assets in retail banking, capital markets, insurance, asset management, and public sector. The firm maintains pre-built process accelerators for SOX, DORA, NIS2, MAS, APRA, and FFIEC requirements. PwC Public Sector serves the US federal market with cleared personnel and FedRAMP-aligned delivery. The firm is comparatively lighter in retail, consumer goods, and life sciences than Deloitte and Accenture for identity-specific work.
Can PwC deliver onshore-only identity programmes?
Yes. PwC maintains onshore identity capacity in the United States, United Kingdom, Germany, Australia, Canada, France, and Switzerland, with cleared US federal personnel for public sector engagements. Onshore-only delivery runs roughly two to three times higher than blended pyramids that use the PwC Acceleration Centres in Bangalore, Hyderabad, and Katowice. Senior architect capacity is constrained for SailPoint and CyberArk programmes, with staffing lead times of 60 to 90 days for complex engagements.
Last updated: May 2026

About PwC

Formed 1998 from the merger of Price Waterhouse and Coopers & Lybrand. Headquarters: London, United Kingdom (PwC International Limited). Approximately 370,000 employees. Revenue: US$55.4B (FY2024). Global Network Chair: Mohamed Kande (from July 2024). Top-tier alliance with SailPoint, Microsoft Entra, Okta, Saviynt, and CyberArk.

All Identity & Security Consulting Providers → Identity Consulting in United States → Identity Consulting in United Kingdom →

Related Categories

Cybersecurity Services IT Governance & Compliance Data Privacy & GDPR Change Management Digital Transformation

Research

Identity Consulting RFP Guide 2026 Identity Consulting Pricing Benchmark Best Identity Consultancy for Financial Services
Last updated: